Yes, but curiously enough, there were no calls into it... oh, OH! I see where you're going with this! But I am the soap. Bonus state of play: OK. I can't find an off-the-shelf tool to help me do this. The latest version of OllyDbg promised much (with its support for debugging into child processes), but since it has surprisingly little control over break on DLL load (it's an all-or-nothing affair)... keeping four processes ticking along so their IPC isn't disturbed, while they load around 100 DLLs between them, is impossible with my slow, fat fingers. So, I'm writing what amounts to a damned rootkit to trap all DLL calls, in all child processes. This will take days. I've not admitted defeat yet. I'm like a dog with a bone, and I won't give up until I've tasted the delicious marrow of MSDELTA.DLL.